From 26cb5fad17e439193e5c1717c0852520168c80b0 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 4 Jan 2023 05:17:56 +0000 Subject: [PATCH 1/2] update last_rebase.sh --- scripts/auto-rebase/last_rebase.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh index cabe8bc46c..b7777ab472 100755 --- a/scripts/auto-rebase/last_rebase.sh +++ b/scripts/auto-rebase/last_rebase.sh @@ -1,2 +1,2 @@ #!/bin/bash -x -./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2023-01-02-175114" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.12.0-0.nightly-arm64-2023-01-02-175115" +./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2023-01-03-161331" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.12.0-0.nightly-arm64-2023-01-03-161334" From 0e4048e0edb9ab774b7d9b2e772dcd5ea933809d Mon Sep 17 00:00:00 2001 From: ci-robot Date: Wed, 4 Jan 2023 05:19:01 +0000 Subject: [PATCH 2/2] update manifests --- assets/controllers/kube-apiserver/defaultconfig.yaml | 5 +++++ assets/release/release-aarch64.json | 2 +- assets/release/release-x86_64.json | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/assets/controllers/kube-apiserver/defaultconfig.yaml b/assets/controllers/kube-apiserver/defaultconfig.yaml index 8d944f814a..d220623742 100644 --- a/assets/controllers/kube-apiserver/defaultconfig.yaml +++ b/assets/controllers/kube-apiserver/defaultconfig.yaml @@ -170,6 +170,11 @@ apiServerArguments: - /etc/kubernetes/static-pod-certs/secrets/service-network-serving-certkey/tls.crt tls-private-key-file: - /etc/kubernetes/static-pod-certs/secrets/service-network-serving-certkey/tls.key + # CVE-2022-3259: Set HTTP Strict Transport Security + # Chrome and Mozilla Firefox maintain an HSTS preload list + # See issue: golang.org/issue/26162 + strict-transport-security-directives: + - max-age=31536000,includeSubDomains,preload authConfig: oauthMetadataFile: "" consolePublicURL: "" diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index 5d8b500536..72709a05e6 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.12.0-0.nightly-arm64-2023-01-02-175115" + "base": "4.12.0-0.nightly-arm64-2023-01-03-161334" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:caa0fe9b53e4b0d2c9988fc20fa745ad80817a7cec36ba098d1812fab03e2add", diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 72dd8ae453..fe9fa7bb7d 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json @@ -1,6 +1,6 @@ { "release": { - "base": "4.12.0-0.nightly-2023-01-02-175114" + "base": "4.12.0-0.nightly-2023-01-03-161331" }, "images": { "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9945c3f5475a37e145160d2fe6bb21948f1024a856827bc9e7d5bc882f44a750",